It seemed like data breaches were everywhere this past year. Some will say this was because the media was simply paying more attention in 2014. Some will say that the 27.5% YoY increase in breaches just meant there were more breaches to cover. One thing is for certain, though: more breaches were made public in 2014 than any of us have ever seen.
So what started all the hype? Although it didn’t happen last year, the Target breach of 2013 was a driving force behind the momentum of data breach discussions. It was staggering in size, its effects were widespread, and what made it even more frightening was that it was all the result of a hack that infiltrated the POS system.
The Target hack of 2013 proved that security is more than simply protecting your consumer-facing online presence. Security is about protecting consumer data – regardless of how and where it is obtained, or where it is stored. The media is now paying close attention, and will be quick to call out any and all that neglect to protect customer data and information.
So what can we learn from the 783 data breaches that occurred in 2014? Well, according to the Identity Theft Resource Center (ITRC), the top four causes of breaches were Hacking (29%), Subcontractor/Third Party (15.1%), Accidental Exposure (11.5%), and Data in Transit (7.9%).
This has been interpreted in a couple of ways:
- Hacking (29%) accounts for nearly 1/3 of all data breaches, so it’s best to put the majority of your security resources there…just to be safe.
- Security resources should focus on the other three items in the top four. Combined, they account for 34.5% of all breaches, and all revolve around problems with training and/or process.
The truth is that no one will complain if you’re doing everything you can to protect your company from hackers. Executives know about the hacks and expect their folks to respond. Plus, hacking gets all the good press. But the rest of the truth is, focusing on hacking while neglecting training and procedures is like putting iron bars on the front door of your home and then completely removing your back door.
So what can we learn from the year of the data breach? Well, while hacking is still a major problem behind data breaches, it’s not the only one. In fact, the majority of breaches happen because employees or business partners aren’t aware of security best practices, policies, and procedures. So in addition to investing in protection against hackers, companies must continually educate employees on how to treat sensitive information. They must also begin to require their business partners to do the same and ask for proof that training took place.
There’s no question that eCommerce security will be a two-front war in 2015 and beyond. And paying close attention to all the battles being waged will be the only way to ensure the safest possible environment for online shoppers while protecting your company from an onslaught of negative media scrutiny.